General

  • Target

    JaffaCakes118_aa140adb5c229a9035fc1a0bdd022268

  • Size

    320KB

  • Sample

    250410-pljena1nz2

  • MD5

    aa140adb5c229a9035fc1a0bdd022268

  • SHA1

    2d206f74b071665b1a153bf70ef078711181a391

  • SHA256

    226353e8050e8a762d92de3c8c81fb845de2216a8a12241d386b70872694d9a4

  • SHA512

    57ab3c8fc3d3d1b746ae09ad4ab5db9df1736a3df294348442f46e8a1d5204084e458661ecdc1ba670e99ea88b0bd38095a5cbc1d97625a2490cb9ad69947c53

  • SSDEEP

    6144:oTwuo1IV3puaibLKFHi0mofhaH05kipz016580bHFrbC86JQPDHDdx/QtqR:Gsgvm2FHi0mo5aH0qMzd5807FrWPJQPx

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Pykspa

      Pykspa is a worm that spreads via Skype, uses a DGA, and is written in C++.

    • Pykspa family

    • Detect Pykspa worm

    • Adds policy Run key to start application

    • Disables RegEdit via registry modification

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Impair Defenses: Safe Mode Boot

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Hijack Execution Flow: Executable Installer File Permissions Weakness

      Possibly turns off User Account Control's privilege elevation for standard users.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16

Tasks